All across the world, electronic communications is beginning to supplant and replace other communication forms. Portable computing devices have become ubiquitous. Users are now using such devices instead of more traditional means to communicate. It is now common for users to employ their wireless portable devices more for exchanging written or textual messages and photographs than for other tasks. Teenagers especially like text messaging, although texting has become extremely popular all across society.
While open and easy electronic communication between a wide range of users and user devices provides tremendous advantages, it also presents some challenges. One important challenge relates to privacy of communications.
For example, text messages (SMS) are currently one of the most highly vulnerable types of information a mobile workforce can send. With less than $100 worth of equipment, an attacker can intercept and clearly read just about any textual message sent from most portable devices. Yet, every day 2.5 billion text messages are sent in the United States alone. This lack of privacy can have serious consequences.
In one's personal life, a stalker or other undesirable person is now able to intercept and read messages sent from your portable device. Such messages can reveal your whereabouts, activities and future plans, creating opportunities for criminals to attack life, limb and property.
In the business world, employees cautioned to avoid communicating sensitive competitive information via electronic means often nevertheless insist on doing so because electronic communication is typically the most convenient form of communications when on the road, during meetings and in a variety of other situations.
In even more sensitive endeavors such as law enforcement, the military, government policymaking, customs and the like, undesired interception of sensitive information could have far-reaching consequences to our way of life.
Fortunately, powerful electronic encryption techniques exist for protecting electronic communications. Of course, codes and ciphers have been known since ancient times and have been used for electronic communications virtually since the time electronic communications came into existence. For example, during the American Civil War, it was common for both Federals and Confederates to encrypt their telegraph dispatches before transmission. In World War II, the allies achieved a great advantage when cryptographers at Bletchley Park cracked the Enigma code the Germans were using to encrypt sensitive radio dispatches. Since then, secure encryption algorithms based on public key cryptography and/or shared symmetric keys can be efficiently implemented on even low-capability computing devices to provide a high degree of data security. Depending on key length, a typical laptop computer can now encrypt communications in a way that makes it computationally infeasible for an attacker to break or crack the code within any reasonable amount of time.
While strong encryption algorithms are known and in wide use, not all users have access to them. One challenge is the wide array of different kinds of portable devices the average user uses for electronic communicating. Devices come in all forms: netbooks, tablets, cell phones, PDA's, laptops, and many other variations. People now often carry portable laptop or tablet computers or personal digital assistants mostly to allow them to exchange messages electronically. Such devices allow the seamless exchange of text and voice messages, emails, videos, photographs, audio recordings and a range of other electronic media. Many such devices are wireless, allowing information to be exchanged over a variety of different types of networks including for example local or wide area networks, the Internet, Wi-Fi, WiMax, cellular, and other wireless communication protocols and infrastructures. A business user may use three or four different devices (e.g., laptop computer, tablet computing device, PDA, cell phone, etc.), sometimes even simultaneously, to communicate with other users. Each device may use different forms of security, and some devices may have no security at all. For example, many users use a Virtual Private Network (VPN) to create an encrypted “tunnel” between their laptop computer and an enterprise server or firewall. Unfortunately, such VPNs may not be able to be used with some common user devices such as PDA's, iPADS, cell phones, or the like. Some users use Windows or Linux based software such as Pretty Good Privacy (PGP) to encrypt email communications, but that software may not be available for use on other portable devices.
In more detail, FIG. 1 shows an exemplary illustrative non-limiting prior art system or architecture for conveying messages between end-user devices. System 100 can be used with a variety of different kinds of end user or other devices (see e.g., FIG. 1A) including for example wireless or wired laptop computers 102, tablet computers 104, personal digital assistants or cell phones 106, routers 108, or virtually any other kind of device. Any such devices may have a need to communicate messages to any other such device.
In the particular example shown in FIG. 1, wireless connectivity is established between an end-user device such as tablet computer 104 and a personal digital assistant or cell phone 106′ via a wireless communications infrastructure such as for example cellular telephone or other wireless transceivers linked together by various computers 118. Computers 118 may include for example, one or more mobile switching centers 120, a short or other message service center 122, and one or more gateway mobile or other switching centers 124. Gateway 124 can provide connectivity via the Internet 126 or other networks with a variety of other wide or local area networks including but not limited to for example a directly-connected server 110, a computing device 128 linked by a hotspot or other access point 130; a local area network 132 connecting multiple computing devices 134 via a firewall 136 and router 108, or any other well known data communications infrastructure.
Briefly, in the example shown in FIG. 1, an end-user device such as 106 generates a message in a particular format. Such message may be formatted as for example an SMS (short message service) or so-called “text” message, a multi-media service (MMS) message, an email, a photograph or graphic, a Word document or other word processing file, a Power Point document, or any other desired format. The user of device 106 wishes to send this message to the user of another end-user device such as device 102′ via data communications system 100. Assuming appropriate subscriptions, access permissions and the like are provided and in place, it is no problem for the end user of device 106 to appropriately address the message to the end user of device 102′ and transmit it wireless or wired via system 100 for conveyance to the end user of device 102′. In a similar way, messages and data can be exchanged throughout system 100 between the various devices shown.
A problem arises however when an attacker wishes to receive or eavesdrop on the transmitted message without authorization. For example, suppose the end user of device 106 is a law enforcement officer who wishes to notify headquarters of her current location. Such location information would be very useful for a terrorist who wishes to attack and evade detection, or for a criminal who wishes to burglarize a residence without being caught. Similarly, if the end user of device 106 is making a social engagement, a stalker who reads the message may be able to use the intercepted information to threaten the life, limb or property of the user. If the user is exchanging sensitive personal information such as credit card or other financial information or other information that the user does not wish to become widely known or publicly available, the end user may be fooled into thinking that system 100 communicates messages relatively securely. In fact, conventional communications systems such as 100 are highly vulnerable to attack, as FIG. 2 shows.
Unfortunately, nearly every communications link and computer within system 100 can be an entry point for an attacker wishing to intercept and eavesdrop on messages being exchanged between the end user of device 106 and the end user of device 102′. Unauthorized software present on the various devices shown such as viruses can intercept exchange messages and send them to unauthorized individuals. The wireless connections themselves, if used, provide an easy way for any individual with the appropriate equipment to listen in on data communications. The Internet or other network 126 may be a public network that provides ample opportunities for spoofers or other attackers to insert equipment that stores copies of messages being passed and allows the attacker to read them or glean other information from them. The end result is a highly insecure system that has the potential of compromising virtually any message sent across it.
Techniques are currently known for providing additional security in the context of system 100, but generally speaking, such security requires either proprietary devices or software, intermediary computers or other infrastructures or both. For example, some end-user devices 106 such as BlackBerries® have built-in encryption capabilities that encrypt data communications with other BlackBerries®. However, generally speaking, such a solution requires an enterprise server or other infrastructure and is also limited to secure communications between like devices. For example, when sending an SMS or text message from a wireless BlackBerry® to a cellular telephone or a laptop computer, there is generally no way to encrypt the message for security purposes. Other known solutions install special proprietary software on the end-user devices (e.g., Pretty Good Privacy) but such solutions tend to work only with more capable devices such as laptops or netbooks and are not available for the wire variety of less-capable or different devices such as personal digital assistants, cellular telephones, music players, remote control devices, etc.
If secure encryption is not readily available and easy or almost automatic to activate, it is almost inevitable that a user will eventually send sensitive personal, business or other information in clear text form, thereby potentially compromising the information to attackers, spoofers and eavesdroppers. What is needed is a convenient, easy to use, ubiquitous, automatic secure communications capability that can automatically encrypt and decrypt messages over a wide variety of platforms without requiring any special intermediating security components such as gateways, proxy servers or the like. Trusted (verified) and secure (protected) applications are a huge opportunity in the mobile workforce market. Trusted/secure applications for the mobile workforce can significantly improve productivity and effectiveness, while enhancing personal and organizational security and safety.
Example non-exhaustive non-limiting features and advantages of exemplary illustrative non-limiting implementations include:
User selects “Secure” for transmission—no other unique user interaction required
Transmissions are kept encrypted unless being viewed
Transmission may have durations placed on them such that after a specific length of time they can no longer be decrypted/viewed
Encryption and Keys will be standards based (unless otherwise selected by the organization)
User Public/Private key pair is auto generated by the application upon installation
Key Rings are only limited by available device memory
Keys may be used on multiple mobile devices
Optionally, an organization can elect to use a separate Key management system other than the one on the device. Does not require an intermediary Key server                Able to secure applications that are currently used by literally millions of workers daily. Possible to take these applications and add security which will be ubiquitous and almost invisible to the user        A Trusted Short Messaging Service (commonly know as “text” for the Blackberry, iPhone, WinMo, Android and other platforms. While it will not prevent the intercept of the Text Message, it WILL prevent anyone from reading it. This has applications for Law Enforcement (FBI, DEA, ATF, etc), DoD, Law Makers (Senate, House, White House), DoJ, TSA, Customs & Boarder,—any agency which has sensitive information        Key Management And Modular EncryptionExample Market Applications        Operational on Blackberry 8300 (the primary US Government Model of Phone) and subsequent Models as one example        Modular Solution Architecture—using the existing device encryption; AES which can be a default; or install an encryption capability can be supplied by the customer or user        Over-The-Air (OTA) Flexible Key management system (keys may be changed at anytime)        Optional Central Key management system—each agency can manage their own keys        No Gateways required in some embodiments        Revocation of Keys over the air        Auto Sync with Computer        Contact list selection for To:        Contact list annotation of secure receive capability per individual        Simple to use management console for a) Key distribution, b) key management and c) Phone wipe        Implement the ability to wipe the SMS messages over-the-air (OTA)        Implement the ability to wipe the phone (all applications and data) OTA        Trusted and Secure Multimedia Messaging Service (MMS—the ability to send pictures, voice and files direct without email servers)        Fully protected image attachment from camera        Fully protected file attachment        Instant Messaging Secure Communications Chat Application        Secure Communications between laptops/notebooks/netbooks/slates/tablets/phones/desktops/or any other device        Invisible to the user for use, but can supply a visual indicator that the security is in force—such as a lock image or change in color of the screen        Instant security        Router enabled        Wired or wireless (WiFi, 3G, 4G)        Possible to architect and develop specialized applications for Government users as custom solutions        An email App can encrypt the body and attachments of an e-mail        Email App can send the encrypted e-mail through the users e-mail system        No Central or specialized server required        Encryption of files on the phone or laptop        Provides compatibility between mobile phones, mobile computers and office computers        Encryption of Pictures        Compressed and Encrypted        Encryption of Video        Compressed and EncryptedExample Peer-to-Peer Secure-SMS        With no server involved, the encryption is between two peers and be fully protected end-to-end        Using Public/Private key pairs are generated in the device itself by the application and can be changed at any time        Once a device has established its own Public/Private key pair, it can send an SMS message to the other side in effect saying: “here's my public key”. The receiving side can be presented a message “Bob wants to exchange keys with you, ok?”. If Alice says “ok,” then her application accepts Bob's public key and returns Alice's public key to Bob. Now the two can send each other secure messages in the future as each has added the other to their key ringExample Management System        Provides a management system wherein the management system can generate public/private key pairs along with a enterprise identity for a registered user, delivering them securely to each registered end-point        Distribution can be done remotely        Once the keys are established, the same procedure as the Peer-to-Peer secure SMS exchange can be followed except that if Alice doesn't have the same enterprise hash present in her key ring, she couldn't accept Bob's Public Key and thus secure communications using the enterprise keys would not be possible. This system would always be peer-to-peer but rely on a secondary enterprise hash to ensure that the peer-to-peer ‘club’ is restricted to members only        Key timeout, message expiration etc. Timing can be established such that every message can expire and virtually become unreadable—the length of time can be set by the user or by the enterprise        Plug-in encryption modules: allows for interchangeable encryption modules that would permit higher-strength or different strength encryption to meet an enterprise requirementExample Peer to Peer Encrypted Communications        Independent of the transport (communications medium—cellular, internet, satellite, etc)        Secure Text messaging (SMS—Short Message Service) without server/intermediary devices        Stealth Mode for text messaging        Steganography for additional protection and compression        Enterprise Key Management System Option        Secure E-mail        Secure Multimedia Messaging System (MMS)        Secure Tweets        Secure Chat        Secure Instant Messaging (IM)        No Intermediary Device (server, host, etc) required for secure transmission        Fully Protected from the Mobile Device to the Mobile Device        Storage or memory is use to maintain the data structures, messages and applications        The Processor executes the application from memoryExample Devices        Mobile Devices—Phones/PDAs        Netbooks/Laptops/Notebooks        Mobile Devices—Pads/Slates/Tablets        Routers—wired/wireless        Other Machines—soda, rental, etc        User Interfaces can be unique to each manufacturer's specification; however, can provide the same user experience as their standard communications devices        The Text Writing Module can use the same module as the standard message system uses        The Cryptographic interface is designed to allow multiple cryptographic modules to be used, allowing the cryptology used to be changed without major changes to the applications; this provides for companies, governments, agencies to use different cryptographic algorithms such as AES 256, AES 128, RSA, Blowfish, IDEA, etc.        The Ciphertext—which what is generated when plain message is converted via encryption—will be compatible with ASCII Text such as ASCII/128 for subsequent transmission enabling communications through most environments. Other transforms such as compression are possible based on the communications conditions or requirements.        User selects “Secure” for transmission—no other unique user interaction required        Transmissions are kept encrypted unless being viewed        Transmission may have durations placed on them such that after a specific length of time they can no longer be decrypted/viewed        Encryption and Keys standards based (unless otherwise selected by the user or organization)        User Public/Private key pair is auto generated by the application upon installation        Key Rings are only limited by available device memory        Keys may be used on multiple mobile devices        Optionally, an organization can elect to use a separate Key management system other than the one on the device        